The Data Protection Act is something we all have to abide by as we all have records of clients stored in one form or another, but how many of you are fully aware of them.
Because the content of this article would form part of a contract you will have with employees, contractors etc. I don’t want to give any advice, but will lay down the basics and point you in the right direction so you can make your own assessments.
Put simply the Data Protection Act is there to keep your stored data safe. Anything you store be it staff records, client details etc. will fall under this act and it doesn’t matter if that is paper based or computerised.
Basic terminology
- As the owner of the data you are referred to as the “Controller”
- Anyone who works on this personal data is the “Processor”
Riding centre staff
Anyone who comes into contact with the personal records such as client details or staff records is a “Processor” and as such they need to have a contract that details their responsibilities regards the Data Protection Act.
What could form the basis of a claim
- If a client found you had use their records for a purpose other than the immediate basis of booking riding lessons e.g running a small equine shop that the client was not aware of then they may decide to make a claim/complaint.
- If a client was contacted by another yard and then found their records had been taken from your yard by a member of staff who was now working at the new yard this could warrant a claim.
A claim would take the form of a court case or a personal claim and could be costly so you need to make sure you have documented proof in place of how you store and secure records and the Data Protection rules that you have abided by and the contractual obligations all of your staff have to abide by.
My own suggestions
I have my own thoughts, knowing how yards and their staff work.
- Don’t allow staff to take client details off site in any form.
- Don’t let staff communicate with clients on social media.
- Don’t let staff use their own mobile phones or tablets to connect to the client personal data if stored electronically.
- Only allow agreed staff to use the personal records in either paper or electronic form.
- Make sure records can be locked away from staff and visiting clients.
- Do not allow computers to be used on your office network that have not bee agreed to by the management.
- If in doubt keep them out!
Further help
For more information about the rules laid down please visit www.ico.org.uk
Contact them immediately and tell them what you do and how you store records and see if you need to register with them. Make sure you mention all the ways in which you take on staff who are both paid and not paid as they all come into contact with the personal information you store and therefore are a risk.
You may find you need to rewrite all your staff contracts. It may be best to get legal help in producing these contracts.